_/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ============================================================================ Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 189 January 28, 2026 Hilarie Orman, Editor Sven Dietrich, Assoc. Editor cipher-editor @ ieee-security.org cipher-assoc-editor @ ieee-security.org Sven Dietrich Yong Guan Book Review Editor Calendar Editor cipher-bookrev @ ieee-security.org cipher-cfp @ ieee-security.org ============================================================================ The newsletter is also at http://www.ieee-security.org/cipher.html Cipher is published 6 times per year Contents: * Letter from the Editor * Commentary and Opinion and News o Sven Dietrich's review of "Dissecting the Dark Web - Reverse Engineering the Underground Economy" by Lindsay Kaye o News from the media - RSAC Is More Than the Conference - Pardon Me, But Your GMail Password is Showing - CISA's Whole Vulnerability Catalog - New Ransomware Signals a Healthy Industry o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website * Conference and Workshop Announcements o Upcoming calls-for-papers and events * List of Computer Security Academic Positions, by Cynthia Irvine * Staying in Touch o Information for subscribers and contributors o Recent address changes * Links for the IEEE Computer Society TC on Security and Privacy o Becoming a member of the TC o TC Officers o TC publications for sale ==================================================================== Letter from the Editor ==================================================================== Dear Readers: The TCSP flagship conference, the Security and Privacy Symposium, will be held in San Francisco this May. The location has shifted from the Embarcadero to Union Square. It is now a lightning-round event with very short talks compromising a huge program. The associated workshops are particularly cutting-edge this year: LangSec: The 12th Workshop on Language-theoretic Security CyberBio: First International Workshop on Cyberbiosecurity ArtSec: Workshop on Artwork Security and Provenance in the Age of AI SAGAI: Secure Agents for Generative Artificial Intelligence ConPro: Workshop on Technology and Consumer Protection MetaCRiSP: Workshop on Meta-Science and Critical Reflections in Security & Privacy Research Data4SoftSec: Workshop on Datasets for Software Security Sven Dietrich has favored us with review of a book about the Dark Web. The book will be released this spring --- the early bird gets the book! Up until a year ago, the news section of this publication usually contained several descriptions of ransomware attacks or newly revealed zero-days of recently discovered intrusions by nation-state actors. The stories appeared in mainstream media, and many of them were from SEC filings. These seem to have dried up, leading me to wonder if the true state of the nation's cybersecurity is being withheld from public view. Last month I reported on a light-hearted attempt to use generative AI to write the Cipher Editor's letter. This month I will recount my experience in using it for the practical purpose of maintaining the Cipher Calendar of Events. There is good and bad news. The Cipher online Calendar-of-Events is composed by processing the the calls-for-papers for research events with ad hoc software that parses freeform text. It's not perfect, and it requires some user interaction, but generally, it takes only a minute to process the call-for-papers, to generate the entry in the online calendar, and to create the supporting text file. Nonetheless, by the standards of today, that's painfully slow and tedious. Besides, it's a pain to keep the software up-to-date. People take to writing dates with silly UTF characters, location designators are highly variable, and these changes challenge software that has a more limited view of data. We also maintain a page of CFPs, separate from the Calendar, and our associate editor puts a lot of work into that. He generously converts his listing manually into Calendar entries for publication in this newsletter. I've long felt that we need a more efficient system, one that puts minimal burden on conference organizers and Cipher volunteers. Of course, I turned to AI. I found that with only minimal prompting, the Anthropic Claude system could start with the acronym of a conference and quickly find the current call-for-papers, extract all the relevant information, and present it in a simple, condensed format, suitable for inclusion in the calendar. It could also detect that the CFP had not yet been published and tell me the approximate date on which it would appear online. That is a delightful and eminently usable result, and I quickly took advantage of it to populate the calendar. But I feared that my usage was too pedestrian given the seemingly unlimited capabilities of this new tool. Why not generate the whole calendar at once, from one prompt? And if that worked, then we would not need an online calendar, we would only need an AI prompt to generate a calendar, and anyone could have their own, customized, up-to-date calendar, at any time. So in the dialogue with Claude, I asked for the formatted information for all security research conferences and workshops with submission deadlines within the next 180 days. The list that I got back was a good start, but it was hardly comprehensive. Well-established conferences had been omitted, and although they could be found with further prompting (basically, "try harder"), the AI system was strangely blind to some events. So, the simple, customized index for research events is not yet available from AI, although something that is about 80% complete can be had for little effort. This leaves me eager for a better solution, a standardized object that I'd call an Artificial Intelligence Information Prompt (AIIP). An AIIP would be a formatted string for AI queries that produce useful, very accurate results, like those for a comprehensive events calendar. But, we need a way to get beyond the 80% mark. How can conference organizers be sure that their information can be found by AI systems? Without going back to older, cumbersome ideas for uniform data representation, I'm not sure. I do fear that 80% is good enough for most people, that AI will take over the entire process of information retrieval, and 20% of conferences will fail to thrive because they are mysteriously invisible to AI algorithms. A Nursery Rhyme for a New Age A tisket, a tasket, A green and yellow basket. I wrote a letter to my love And on the way I lost it. A mascot, a miscut, A generative mashup. Gen AI wrote a letter to my love, It won his heart, we made up. A song of a wild dove, Is AI my new love? It wrote my letter and my vows, Is it my ergo sum now? Hilarie Orman cipher-editor @ ieee-security.org ==================================================================== Commentary and Opinion ==================================================================== ____________________________________________________________________ Book Review By Sven Dietrich January 26, 2026 ____________________________________________________________________ "Dissecting the Dark Web - Reverse Engineering the Underground Economy" by Lindsay Kaye No Starch Press 2026. ISBN 978-1-7185-0460-8 (print) ISBN-13: 978-1-7185-0461-5 (ebook), xxiii + 384 pages The Dark Web is a playground for many shady characters, forming an underground economy of illicit goods and services that attracts much scrutiny. Malware and hacking services can be found there, up for grabs or up for sale. Reverse engineering this underground economy is an interesting task to tackle. The hacker underground has existed in many forms over the years (or decades), from X.25 packet-switched networks to phone/modem-based Bulletin Board Systems (BBSs), to gopher and ftp sites, and eventually to the Dark Web, aka the hidden dark corners of what we now call the Internet. Publicly available browsers such as the Tor browser have made the Dark Web accessible to anyone who wishes to access it. This upcoming book with a scheduled release date of May 2026 dissects the Dark Web from multiple angles. As a reviewer I was given access to an early release version of the book, so your mileage may vary. This roughly 400-page book "Dissecting the Dark Web - Reverse Engineering the Underground Economy" is divided into 12 chapters to cover various aspects of the Dark Web, including operational security, reverse engineering, and analytical thinking. Most chapters are structured around a case study, background, and a set of exercises at the end to perform a knowledge check. The exercise solutions are at the end of the book for the gratification of the reader. Throughout the book, the reader will find information boxes, screenshots of actual Dark Web interactions, content of malware or web pages, and code snippets (yes, treat those as malicious, as per the author's own warning!). Think of it as a series of amuse-bouches to whet your appetite for the real thing! After the introduction, which helps the reader to get oriented, the first chapter 'A Visit to the Dark Web' is about getting to the Dark Web. The chapter starts with a first-person account of the author's exposure to the underground economy of the Dark Web. The chapter describes the tools necessary to access the Dark Web, the modalities of the Dark Web, such as the goods and services you may find there, the people who pass through, the payment systems in use, and perhaps some useful technical software analysis tools to dissect the malware and other pieces of software that one may stumble upon. The second chapter 'Vulnerabilities, Exploits, and Access' focuses on the attackers' ways to compromise a system and gain access to it. Here the reader discovers those techniques, including what would be offered on the Dark Web for performing those breaches, either by buying credentials or the means of acquiring them in other ways. The third chapter 'Malware Delivery Techniques' shifts to approaches for getting malware to their intended target(s), for example by using so-called loaders or even fully instrumented botnets. As for exercises, they are based on recent cases of malware, e.g. the Mirai botnet, which helps the reader get into the minds of the bad guys. In the fourth chapter, the author switches to 'Information stealers.' This is something we often hear about when we read about large password database dumps being published, as they often (but not always) result from attackers instrumenting systems to capture credentials from users. The January 2026 release of a 149-million list of user/password credentials is such an example collected from information stealers that are described in this chapter. One could expect to find the output of such information stealer in the Dark Web eventually. The fifth chapter 'Banking Trojans' describes another high value target from the financial domain. As bank accounts constitute a desirable prize in the form of online access credentials, this is another area of interest on the Dark Web. This could be considered a continuation of listings of credit card numbers from the earlier days of the Dark Web. The sixth chapter switches gears to more evasive techniques to help with malware propagation and delivery: 'Packers and Crypters.' First, these tools are used to prevent early detection of malware by the defenders, as it slows down analysis techniques and can prevent triggers of antivirus or anti-malware systems. Second, the better they are, the higher the prices will be on the Dark Web for the lesser trained hackers to acquire and use. These tools can be applied to the malware described in the third chapter. The seventh chapter 'Command-and-Control Frameworks' describes the communication techniques used by the attackers to interact with their herd of malware, for example. The better and more resilient the techniques are, the higher prices the sellers will achieve for providing a hard-to-eradicate botnet. In the eighth chapter 'Post-Exploitation Toolkits,' the reader learns about the toolkits for acting after an initial foothold on the system has been achieved. As the possibilities are endless, this chapter explores some examples such as further escalation of access, or lateral movement within an enterprise that has been compromised. In the exercise in this chapter, the reader will explore Metasploit's post-exploitation capabilities. In the ninth chapter 'Living off the Land,' the author shows how the attackers minimize the detection risk by (re)using existing operating system tools to complete their nefarious tasks. Such tasks could include discovery of credentials via Active Directory for lateral movement, or tools that facilitate privilege escalation. Such techniques are often applied by ransomware. The tenth chapter 'Windows Ransomware' explains the basics of ransomware in its historical context, as well as the ransomware-as-a-service groups that one would nowadays find on the Dark Web. Ransomware is an ongoing problem for organizations as it can severely disrupt their operations. This chapter focuses on the Windows operating system variants and shows how defenders can develop countermeasures or mitigations to ransomware attacks. The eleventh chapter 'Linux and Esxi Ransomware' is about the Linux and virtualization environment variants of the ransomware. Since many systems operate in the cloud, an attack to the hypervisor (such as VMware's Esxi) would have big impact on an organization using such infrastructure. The last chapter 'Lessons from the Underground Economy' wraps up the book. Here the author muses about the implications of takedown operations, the habits of threat actors, and where the field may be headed due to automation on both sides of the fence. Lindsay Kaye has created a great technical book for those unfamiliar with the 'trenches' of cybersecurity and the Dark Web. It allows the reader to get a hands-on, real-world perspective of what attackers are doing, either by studying the cases described in the book, or taking a first step into the Dark Web to see for themselves. It is aimed at professionals, analysts, and researchers alike who are curious about the 'hacker underground.' I enjoyed reading this book as it brought back memories from my own times of exploration many, many moons ago. ____________________________________________________________________ Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org. ____________________________________________________________________ Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html ==================================================================== News Briefs ==================================================================== News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html RSAC Is More Than the Conference Former CISA Director Jen Easterly Will Lead RSAC Conference The longtime cybersecurity professional says she's taking the helm of the legacy security organization at "an inflection point" for tech and the world beyond. Publisher: Wired https://www.wired.com/story/former-cisa-director-jen-easterly-will-lead-rsa-conference/ Date: Jan 15, 2026 By: Lily Hay Newman Summary: The RSAC Conference these days is not just an annual cybersecurity conference but a company that supports many other events and initiatives. Its new CEO is poised to take it further in supporting "next generation AI-driven cyber companies." Jen Easterly previously led the DHS Cybersecurity and Infrastructure Security Agency, but her association with initiatives to identify election misinformation efforts by foreign actors led her afoul of the current administration. The RSAC position is one where she will continue her trust building and collaboration acumen. --------------------------------- Pardon Me, But Your GMail Password is Showing 149 Million Login Credentials Exposed In Leak - Including An Estimated 48 Million Gmail Accounts Publisher: Forbes https://www.forbes.com/sites/daveywinder/2026/01/25/48-million-gmail-usernames-and-passwords-leaked-online/> Date: Jan 25, 2026 By: Davey Winder Summary: A huge collection of user credentials was exposed recently. It had been sitting, unencrypted, unprotected, on an obscure server. The researcher who found it watched as more data was added, showing that it was being accumulated actively. The likely source of the data was malware in the form of keyloggers, though no actual source or usage was found before the hosting provider removed it. The article summarizes the situation in this way: "So, to reiterate, this is not a new breach; it impacts multiple services, and is most likely a compilation of existing compromised credentials. Gmail just happens to be the one that is featured most, by some margin, within it. So don't panic, but do ensure you have unique passwords and ideally make use of the Google passkey function instead." --------------------------------- CISA's Whole Vulnerability Catalog CISA Cybersecurity Alerts & Advisories https://www.cisa.gov/news-events/cybersecurity-advisories> Summary: The DHS Cybersecurity and Infrastructure Security Agency has a valuable catalog of exploited vulnerabilities and exposures that security professionals should follow diligently. For example, on January 26, five new exploits were added: CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability CVE-2026-23760 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability CVE-2026-24061 GNU InetUtils Argument Injection Vulnerability In previous years, descriptions of exploits might have been more readily available. The catalog listings are important, but actual damage done by the problem software is also valuable. ------------ CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities Publisher: The Hacker News https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html> Date: Jan 23, 2026 By: Ravie Lakshmanan Summary: This article has a short discussion of new catalog entries in the CISA list of exploited vulnerabilities. It is interesting to note that one of the, CVE-2025-54313, refers to a supply chain attack first noted in July of 2025. ---------------------------------- New Ransomware Signals a Healthy Industry New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack Publisher: The Hacker News https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html> Date: Jan 22, 2026 By: Ravie Lakshmanan Summary: Although malware is often based on tried-and-true techniques, once in a while something new comes along. Researchers at cybersecurity companies have noticed a ransomware code base called OSIRIS being exploited through corrupted drivers, and that may indicate that there are new players in the ransomware development dens. It interesting to note that the corrupted driver problem first surface a few years ago with the POORTRY software, a Windows kernel driver that was signed with Microsoft keys (https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2023-069/) . It is still circulating and delivering malware. The article also contains summaries of which malicious software groups are currently the most active how they are related. For example, "LockBit (aka Syrphid), which partnered with DragonForce and Qilin in October 2025". Maybe an IPO is in the works? ==================================================================== Listing of academic positions available by Cynthia Irvine ==================================================================== http://cisr.nps.edu/jobscipher.html -------------- This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have in it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ==================================================================== Conference and Workshop Announcements The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html ____________________________________________________________________ Cipher Event Calendar ____________________________________________________________________ Calendar of Security and Privacy Related Events maintained by Hilarie Orman Date (Month/Day/Year), Event, Locations, web page for more info. IEEE Transactions on Privacy, https://www.computer.org/csdl/journals/pr Submission date: Ongoing ICBC 2026 8th IEEE International Conference on Blockchain and Cryptocurrency, Brisbane, Australia, June 1-5, 2026. https://icbc2026.ieee-icbc.org/ Submission date: 26 January 2026 CSF 2026 39th IEEE Computer Security Foundations Symposium, Colocated with FLoC 2026, Lisbon Portugal, July 26-29, 2026. https://csf2026.ieee-security.org/ Submission dates: 24 July 2025, 9 October 2025, and 29 January 2026 USENIX Security 2026 35th USENIX Security Symposium, Baltimore, MD, USA, August 12-14, 2026. https://www.usenix.org/conference/usenixsecurity26 Submission dates: 19 August 2025 and 29 January 2026 AMASS 2026 Workshop on Advances in Malware Analysis and Software Security, Held in conjunction with ACM ASIACCS, Bangalore, India, June 2, 2026. https://sites.google.com/view/amass2026/home Submission date: 31 January 2026 CSR 2026 IEEE International Conference on Cyber Security and Resilience, Lisbon, Portugal, August 3 - 5, 2026. https://www.ieee-csr.org/ Submission date: 2 February 2026 DFRWS-USA 2026 26th Digital Forensics Research USA Conference, Arlington, Virginia, USA, July 27 - 30, 2026. https://dfrws.org/call-for-papers-is-open-for-dfrws-usa-2026/ Submission date: 6 February 2026 NDSS 2026 Network and Distributed System Security, San Diego, CA, USA, February 23-27, 2026. https://www.ndss-symposium.org/ndss2026/submissions/call-for-papers/ PETS 2026 26th Privacy Enhancing Technologies Symposium, Calgary, Canada, July 20-25, 2026. https://petsymposium.org/cfp26.php Submission dates: 31 May 2025, 31 August 2025, 30 November 2025, and 28 February 2026 SCN 2026 15th International Conference on Security and Cryptography for Networks, Amalfi (SA), Italy, September 14 - 16, 2026. https://scn.unisa.it/ Submission date: 28 February 2026 ACM WiSec 2026 19th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Saarbrucken, Germany, June 30 - July 3, 2026. https://wisec26.events.cispa.de/ Submission date: 18 November 2025 and 3 March 2026 Electronics Journal, Special Issue on Data Privacy Protection in Blockchain Systems. https://www.mdpi.com/journal/electronics/special_issues/14QMWO4O7C Submission date: 15 March 2026 SaTML 2026 4th IEEE Conference on Secure and Trustworthy Machine Learning, Munich, Germany, March 23-25, 2026. https://satml.org/ ICDF2C 2026 17th EAI International Conference on Digital Forensics & Cyber Crime, Reykjavik, Iceland, September 8 - 10, 2026. https://icdf2c.eai-conferences.org/2026/ Submission date: 27 March 2026 ESORICS 2026 31st European Symposium on Research in Computer Security, Rome, Italy, September 21 - 25, 2026. https://sites.google.com/di.uniroma1.it/esorics2026/home Submission date: 9 January 2026 and 21 April 2026 ACM CCS 2026 33rd ACM Conference on Computer and Communications Security, Hague, The Netherlands, November 15-19, 2026. https://www.sigsac.org/ccs/CCS2026/call-for/call-for-papers.html Submission dates: 7 January 2026 and 22 April 2026 HOST 2026 19th IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA, May 4-7, 2026. https://host.conferences.computer.org/2026/ SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026. https://sp2026.ieee-security.org/cfpapers.html ICBC 2026 8th IEEE International Conference on Blockchain and Cryptocurrency, Brisbane, Australia, June 1-5, 2026. https://icbc2026.ieee-icbc.org/ ACM ASIACCS 2026 21st ACM ASIA Conference on Computer and Communications Security, Bangalore, India, June 1-5, 2026. https://asiaccs2026.cse.iitkgp.ac.in/call-for-papers/ AMASS 2026 Workshop on Advances in Malware Analysis and Software Security, Held in conjunction with ACM ASIACCS, Bangalore, India, June 2, 2026. https://sites.google.com/view/amass2026/home CODASPY 2026 16th ACM Conference on Data and Application Security and Privacy, Frankfurt am Main, Germany, June 23 - 25, 2026. https://www.codaspy.org/2026/ ACM WiSec 2026 19th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Saarbrucken, Germany, June 30 - July 3, 2026. https://wisec26.events.cispa.de/ PETS 2026 26th Privacy Enhancing Technologies Symposium, Calgary, Canada, July 20-25, 2026. https://petsymposium.org/cfp26.php CSF 2026 39th IEEE Computer Security Foundations Symposium, Colocated with FLoC 2026, Lisbon Portugal, July 26-29, 2026. https://csf2026.ieee-security.org/ DFRWS-USA 2026 26th Digital Forensics Research USA Conference, Arlington, Virginia, USA, July 27 - 30, 2026. https://dfrws.org/call-for-papers-is-open-for-dfrws-usa-2026/ CSR 2026 IEEE International Conference on Cyber Security and Resilience, Lisbon, Portugal, August 3 - 5, 2026. https://www.ieee-csr.org/ USENIX Security 2026 35th USENIX Security Symposium, Baltimore, MD, USA, August 12-14, 2026. https://www.usenix.org/conference/usenixsecurity26 ICDF2C 2026 17th EAI International Conference on Digital Forensics & Cyber Crime, Reykjavik, Iceland, September 8 - 10, 2026. https://icdf2c.eai-conferences.org/2026/ SCN 2026 15th International Conference on Security and Cryptography for Networks, Amalfi (SA), Italy, September 14 - 16, 2026. https://scn.unisa.it/ ESORICS 2026 31st European Symposium on Research in Computer Security, Rome, Italy, September 21 - 25, 2026. https://sites.google.com/di.uniroma1.it/esorics2026/home ACM CCS 2026 33rd ACM Conference on Computer and Communications Security, Hague, The Netherlands, November 15-19, 2026. https://www.sigsac.org/ccs/CCS2026/call-for/call-for-papers.html ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. ____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== _____________________________________________________________________ How to become <> a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees ______________________________________________________________________ TC Conference Publications Online ______________________________________________________________________ The proceedings of previous conferences are available from the Computer Society's Digital Library. IEEE Security and Privacy Symposium IEEE Computer Security Foundations IEEE European Security and Privacy Symposium From 2012 onward, these are available without charge from the digital library 12 months after the conference. ____________________________________________________________________________ TC Officers ____________________________________________________________________________ Chair: Security and Privacy Symposium Chair Emeritus: Thorsten Holz Trent Jaeger Faculty Member Associate Professor CISPA Helmholtz Center for Pennsylvania State University Information Security https://www.cse.psu.edu/~trj1 tcchair at ieee-security.org sp24-chair@ieee-security.org Vice Chair: Treasurer: Alvaro Cardenas Yong Guan Professor Professor University of California, Department of Electrical and Computer Santa Cruz Engineering tcchair at ieee-security.org Iowa State University, Ames, IA 50011 treasurer@ieee-security.org Newsletter Editor: Security and Privacy Symposium, 2025 Chair: Hilarie Orman Marina Blanton Purple Streak, Inc. Associate Professor 500 S. Maple Dr. University at Buffalo Woodland Hills, UT 84653 sp25-chair at ieee-security.org cipher-editor@ieee-security.org TC Awards Chair: Tegan Brennan Assistant Professor Stevens Institute of Technology tbrenna5 at stevens.edu ____________________________________________________________________________ BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html Cipher is published 6 times per year